|
111
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Object lifecycle issue in WebShare in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a cra…
Update
|
CWE-664
Improper Control of a Resource Through its Lifetime
|
CVE-2026-8517
|
2026-05-20 02:24 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
112
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Integer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: …
Update
|
CWE-472
External Control of Assumed-Immutable Web Parameter
|
CVE-2026-8519
|
2026-05-20 02:23 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
113
|
4.3 |
MEDIUM
Network
|
mattermost
|
mattermost_server
|
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to validate that the RefreshedToken differs from the original invite token during remote cluster invite confirmation which allows an aut…
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-4273
|
2026-05-20 02:23 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
114
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in Downloads in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
Update
|
CWE-416
Use After Free
|
CVE-2026-8522
|
2026-05-20 02:23 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
115
|
8.3 |
HIGH
Network
|
google
|
chrome
|
Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: H…
Update
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-8525
|
2026-05-20 02:22 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
116
|
7.5 |
HIGH
Network
|
hsclabs
|
mailinspector
|
HSC MailInspector v5.3.3-7 contains a Local File Inclusion (LFI) vulnerability caused by improper control of user-supplied file paths. The endpoint /vendor/phpunit/phpunit.php processes user-controll…
New
|
CWE-73
External Control of File Name or Path
|
CVE-2026-29962
|
2026-05-20 02:21 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
117
|
6.5 |
MEDIUM
Network
|
mattermost
|
mattermost_server
|
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to validate 7zip archive structure before processing which allows an authenticated attacker to cause server memory exh…
New
|
CWE-789
Memory Allocation with Excessive Size Value
|
CVE-2026-6340
|
2026-05-20 02:21 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
118
|
7.5 |
HIGH
Network
|
hsclabs
|
mailinspector
|
HSC MailInspector 5.3.3-7 has a Path Traversal vulnerability due to improper validation of user-supplied input in the /tap/dw.php endpoint. The text parameter is used to construct file paths without …
New
|
CWE-22
Path Traversal
|
CVE-2026-29963
|
2026-05-20 02:21 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
119
|
6.1 |
MEDIUM
Network
|
hsclabs
|
mailinspector
|
HSC MailInspector v5.3.3-7 contains a Cross-Site Scripting (XSS) vulnerability in the /tap/tap.php endpoint due to improper neutralization of user-controlled input using alternate or obfuscated JavaS…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-29964
|
2026-05-20 02:20 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
120
|
6.1 |
MEDIUM
Network
|
hsclabs
|
mailinspector
|
HSC MailInspector 5.3.3-7 is vulnerable to Cross Site Scripting (XSS) in the /police/WarningUrlPage.php endpoint due to improper neutralization of user-supplied input that uses alternate or obfuscate…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-29965
|
2026-05-20 02:19 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
